How to Add ACL Entries to a File

Sets an ACL on the file. If a file already has an ACL, it
is replaced. This option requires at least the user::, group::, and other:: entries.

user::perms

Specifies the file owner permissions.

group::perms

Specifies the group ownership permissions.

other:perms

Specifies the permissions for users other than the file owner
or members of the group.

mask:perms

Specifies the permissions for the ACL mask. The mask indicates
the maximum permissions that are allowed for users (other than the owner)
and for groups.

acl-entry-list

Specifies the list of one or more ACL entries to set for specific
users and groups on the file or directory. You can also set default ACL entries
on a directory. Table 7–7 and Table 7–8 show the valid ACL entries.

filename ...

Specifies one or more files or directories on which to set
the ACL. Multiple filenames are separated by spaces.

Caution –

If an ACL already exists on the file, the -s option
replaces the entire ACL with the new ACL.

Example 7–7 Setting an ACL on a File

In the following example, the file owner permissions are set to read
and write, file group permissions are set to read only, and other permissions
are set to none on the ch1.sgm file. In addition, the
user anusha is given read and write permissions on the
file. The ACL mask permissions are set to read and write, which means that
no user or group can have execute permissions.

In the following example, the file owner permissions are set to read,
write, and execute, file group permissions are set to read only, other permissions
are set to none. In addition, the ACL mask permissions are set to read on
the ch2.sgm file. Finally, the user anusha is
given read and write permissions. However, due to the ACL mask, the permissions
for anusha are read only.
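
The mask arithmetic behind the ch2.sgm example, as an added Python example that is not part of the original guide and does not call setfacl. The entry string CH2_ENTRIES is constructed from the prose above, and the function names are hypothetical. Assumptions: default: entries are not handled, and an entry list without a mask entry is treated as unrestricted.

```python
# Added illustration of how the ACL mask limits "setfacl -s" style entries.
REQUIRED = {("user", ""), ("group", ""), ("other", "")}
# Constructed from the prose of the ch2.sgm example; the exact command is assumed.
CH2_ENTRIES = "user::rwx,group::r--,other:---,mask:r--,user:anusha:rw-"


def parse_perms(text):
    """Accept an 'rw-' style string or one octal digit such as '6'."""
    if len(text) == 1 and text in "01234567":
        return int(text)
    if len(text) != 3 or any(c not in (w, "-") for c, w in zip(text, "rwx")):
        raise ValueError(f"bad permissions: {text!r}")
    return sum(bit for c, bit in zip(text, (4, 2, 1)) if c != "-")


def fmt(bits):
    return "".join(c if bits & bit else "-" for c, bit in zip("rwx", (4, 2, 1)))


def parse_entries(entry_list):
    """Return {(tag, name): bits}; the owner and file group have name ''."""
    acl = {}
    for entry in entry_list.split(","):
        fields = entry.strip().split(":")
        if fields[0] in ("user", "group") and len(fields) == 3:
            name, perms = fields[1], fields[2]
        elif fields[0] in ("other", "mask") and len(fields) in (2, 3):
            name, perms = "", fields[-1]
        else:
            raise ValueError(f"unsupported entry: {entry!r}")
        acl[(fields[0], name)] = parse_perms(perms)
    missing = REQUIRED - set(acl)
    if missing:
        raise ValueError(f"-s needs user::, group:: and other entries: {sorted(missing)}")
    return acl


def effective(acl):
    """Apply the mask to every entry except the owner's and other's."""
    mask = acl.get(("mask", ""), 7)  # assumption: no mask entry means no limit
    out = {}
    for (tag, name), bits in acl.items():
        if tag != "mask":
            limited = (tag, name) != ("user", "") and tag != "other"
            out[f"{tag}:{name}"] = fmt(bits & mask if limited else bits)
    return out

if __name__ == "__main__":
    print(effective(parse_entries(CH2_ENTRIES)))
```

The result maps each entry to the permissions that remain after the mask is applied, which is the value a reviewer should compare against the intended access before relying on a named-user entry.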

In the following example, the default permissions for the group staff are modified to read on the book directory.
In addition, the default ACL mask permissions are modified to read and write.

% setfacl -m default:group:staff:4,default:mask:6 book

How to Delete ACL Entries From a File

Delete ACL entries from a file.

% setfacl -d acl-entry-list filename ...

-d

Deletes the specified ACL entries.

acl-entry-list

Specifies the list of ACL entries (without specifying the
permissions) to delete from the file or directory. You can only delete ACL
entries and default ACL entries for specific users and groups. Table 7–7 and Table 7–8 show the valid ACL entries.

filename ...

Specifies one or more files or directories, separated by a
space.

Alternatively, you can use the setfacl -s command
to delete all the ACL entries on a file and replace them with the new ACL
entries that are specified.

Verify that the ACL entries were deleted from the file.

% getfacl filename

Example 7–10 Deleting ACL Entries on a File

In the following example, the user anusha is
deleted from the ch4.sgm file.

How to Display ACL Entries for a File

Displays the file name, file owner, file group, and the default
ACL entries, if they exist, for the specified directory.

filename ...

Specifies one or more files or directories, separated by a
space.

If you specify multiple file names on the command line, the ACL entries
are displayed with a blank line between each entry.

Example 7–11 Displaying ACL Entries for a File

In the following example, all the ACL entries for the ch1.sgm file
are displayed. The #effective: note beside the user and
group entries indicates what the permissions are after being modified by the
ACL mask.